From 80a9c399560f7af5d00d947e1f150e17567fb2cf Mon Sep 17 00:00:00 2001 From: andryyy Date: Tue, 8 Oct 2019 17:36:28 +0200 Subject: [PATCH] [Web] Validate plain md5 hashes, closes #3017 --- data/web/inc/functions.inc.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php index 34c63cde9..dff9bdda7 100644 --- a/data/web/inc/functions.inc.php +++ b/data/web/inc/functions.inc.php @@ -386,6 +386,12 @@ function verify_hash($hash, $password) { return true; } } + elseif (preg_match('/^{PLAIN-MD5}/i', $hash)) { + $hash = preg_replace('/^{PLAIN-MD5}/i', '', $hash); + if (md5($password) == $hash) { + return true; + } + } elseif (preg_match('/^{SHA512-CRYPT}/i', $hash)) { // Remove tag if any $hash = preg_replace('/^{SHA512-CRYPT}/i', '', $hash);